From 7b12978039208e4c59c294baeee877b4d122d747 Mon Sep 17 00:00:00 2001
From: Jan Pazdziora
Date: Fri, 21 Jan 2022 21:01:08 +0100
Subject: Add testing of AuthPAMExpiredRedirect, using pam_unix and sp_max in shadow. The chmod g+r /etc/shadow approach is obviously only for testing.
---
 tests/auth.conf | 19 +++++++++++++++++++
 tests/config.sh | 5 +++++
 tests/pam-webl | 2 ++
 tests/run.sh | 11 +++++++++++
 4 files changed, 37 insertions(+)
 create mode 100644 tests/pam-webl
(limited to 'tests')
diff --git a/tests/auth.conf b/tests/auth.conf
index 481db08..1e41de9 100644
--- a/tests/auth.conf
+++ b/tests/auth.conf
@@ -35,3 +35,22 @@ ScriptAlias /authnp2 /var/www/cgi-bin/auth.cgi
 AuthPAMService web
 Require pam-account web2
+
+ScriptAlias /authnp3 /var/www/cgi-bin/auth.cgi
+
+ AuthType Basic
+ AuthName "private area"
+ AuthBasicProvider PAM
+ AuthPAMService webl
+ Require pam-account webl
+
+
+ScriptAlias /authnp4 /var/www/cgi-bin/auth.cgi
+
+ AuthType Basic
+ AuthName "private area"
+ AuthBasicProvider PAM
+ AuthPAMService webl
+ AuthPAMExpiredRedirect http://localhost/fix-password
+ Require pam-account webl
+
diff --git a/tests/config.sh b/tests/config.sh
index 131767e..255c0dd 100755
--- a/tests/config.sh
+++ b/tests/config.sh
@@ -11,6 +11,7 @@ cp -p tests/auth.cgi /var/www/cgi-bin/auth.cgi
 cp -p tests/pam-exec /usr/bin/pam-exec
 cp tests/pam-web /etc/pam.d/web
 cp tests/pam-web /etc/pam.d/web2
+cp tests/pam-webl /etc/pam.d/webl
 chmod a+x /var/log/httpd
 touch /var/log/httpd/pam_exec.log
 chown apache /var/log/httpd/pam_exec.log
@@ -19,3 +20,7 @@ if rpm -ql httpd | grep mod_authn_socache ; then
 cat tests/auth-socache.conf >> /etc/httpd/conf.d/auth.conf
 fi
 htpasswd -bc /etc/htpasswd alice Tajnost
+useradd user1
+echo user1:heslo1 | chpasswd
+chgrp apache /etc/shadow
+chmod g+r /etc/shadow
diff --git a/tests/pam-webl b/tests/pam-webl
new file mode 100644
index 0000000..7ae90c8
--- /dev/null
+++ b/tests/pam-webl
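Review bot: The `chgrp apache /etc/shadow` and `chmod g+r /etc/shadow` lines in the second hunk of tests/config.sh make every local password hash readable by the httpd user, and nothing visible in the hunk stops the script from doing that on a machine that is not a throwaway test container. The commit message says the approach is only for testing, but the script itself does not. A comment directly above the two lines would carry the warning to anyone who copies this setup, for example `# TEST ONLY: gives apache read access to all hashes in /etc/shadow (presumably so pam_unix inside httpd can check user1); never do this outside a disposable container`. A guard that refuses to continue without an explicit opt-in would be safer still; the top of the script lies outside the hunk, so such a guard may already exist there.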
@@ -0,0 +1,2 @@
+auth sufficient pam_unix.so
+account required pam_unix.so
diff --git a/tests/run.sh b/tests/run.sh
index 521652e..ed51b6f 100755
--- a/tests/run.sh
+++ b/tests/run.sh
@@ -49,6 +49,17 @@ next_log | grep 'account .bob. ok' | wc -l | grep '^2$'
 echo Secret2 > /etc/pam-auth/bob
 curl -u bob:Secret -s -D /dev/stdout -o /dev/null http://localhost/authn | tee /dev/stderr | grep 401
+curl -u userx:heslox -s http://localhost/authnp3 | tee /dev/stderr | grep 401
+curl -u user1:heslox -s http://localhost/authnp3 | tee /dev/stderr | grep 401
+curl -u user1:heslo1 -s http://localhost/authnp3 | tee /dev/stderr | grep 'User user1'
+curl -u user1:heslo1 -s http://localhost/authnp4 | tee /dev/stderr | grep 'User user1'
+chage -d $(date -d -2days +%Y-%m-%d) -M 1 user1
+curl -u user1:heslo1 -s http://localhost/authnp3 | tee /dev/stderr | grep 401
+curl -i -u user1:heslo1 -s http://localhost/authnp4 | tee /dev/stderr | grep 'Location: http://localhost/fix-password'
+chage -d $(date -d -2days +%Y-%m-%d) -M 3 user1
+curl -u user1:heslo1 -s http://localhost/authnp3 | tee /dev/stderr | grep 'User user1'
+curl -u user1:heslo1 -s http://localhost/authnp4 | tee /dev/stderr | grep 'User user1'
+
 if rpm -ql httpd | grep mod_authn_socache ; then
 echo "Testing AuthBasicProvider socache PAM + AuthnCacheProvideFor PAM"
 rm /etc/pam-account/bob
-- cgit
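Review bot: `auth sufficient pam_unix.so` as the only auth line in tests/pam-webl leaves the deny outcome to how libpam treats a stack in which no module succeeded, instead of stating it. Since pam_unix is the sole authenticator here, `auth required pam_unix.so` expresses the intent directly; alternatively keep `sufficient` and close the stack with `auth required pam_deny.so`, so that a module appended later cannot turn a failed password check into a pass. A leading `#` comment naming the locations that use this service (/authnp3 and /authnp4) would also help readers of the file.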
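Review bot: The expired-password checks for /authnp4 in tests/run.sh only use the correct password, so nothing verifies that a wrong password on the expired account still gets a 401 rather than the redirect to /fix-password. Without that case, a regression that reveals expiry state to clients without valid credentials would pass the suite. Adding `curl -i -u user1:heslox -s http://localhost/authnp4 | tee /dev/stderr | grep 401` after the first `chage ... -M 1` call would cover it. Separately, the new `grep 401` lines match against the response body, whereas the existing bob check just above reads the status from the headers with `-D /dev/stdout -o /dev/null`; using that form for the new checks keeps them from depending on the error page text.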